Don't get me wrong, my motives for this post are entirely altruistic. I enjoy StackOverflow and I want the system to be improved.

I do not like your captcha. I like reCaptcha, but I also like making a lot of edits to my posts and so get hit by the captcha a whole lot more than is necessary. You must revamp the "heat" system used to prompt people with the captcha. For instance, if your score is 1k+, then you shouldn't be prompted with a captcha as much. Basically I just want to make sure my posts are accurate and clean without deciphering an entire novel for Google's reCaptcha service.

I accidentally found a bypass to your Captcha implementation. When I make an edit and get prompted with the captcha, I press "back" and then resubmit the form. Presto! No annoying captcha! This back trick seems to only work when you are editing, although I haven't fully tested it.

@Aarobot Oh, I'd edit that, but then I'd have to solve another captcha :)
– Rook Apr 14 '10 at 21:25

@Aarobot: He found a way to bypass the spell-checker too ("secuirty"?). He's that good. ;)
– gnostradamus Apr 14 '10 at 21:26

@The Rook, I believe we have an informalish rule around here to not curse (going so far that brainf*ck must be censored) so I edited your question. I really wanted to say "from damaging content and making your users hate the pony overflow system."
– Earlz Apr 14 '10 at 21:26

I almost never get rate-limited anymore, and there are times when I do a lot of rapid edits. I think the system already auto-adjusts based on either past behaviour or rep, but I have only anecdotal evidence to back that up.
– Aarobot Apr 14 '10 at 21:48

@Daniel and @Pollyanna, So let me get this straight, you're trying to tell me that someone else has reported a vulnerability in SO's Captcha and it still hasn't been patched? And then you duplicate your comment?
– Rook Apr 15 '10 at 21:16

2

@The Rook The duplicates are only partial - related to the hate for the captcha. So I recognize that the question is not really a duplicate. About your second question, the comments are not duplicated.
– Daniel Daranas Apr 15 '10 at 23:53

Essentially, it seems to me you are asking for a "suspicious" bit on the user table: if you are ever presented with a CAPTCHA, no content should EVER be accepted from you until you solve a CAPTCHA.

My question to you would be, are you basing this on an actual issue we have with bots? We use the CAPTCHA as a rate limiter; if you want to answer questions or edit REALLY fast, you are going to have to solve a CAPTCHA or wait for the 5 seconds to elapse.

Now, we have plenty of other mechanisms that protect us from bots. This is not the only one. It is essentially a never-ending arms race; we adjust our immune system as bots become more sophisticated. We are accepting tons of content daily. At the moment our immune system is quite strong and we are not seeing too many bots and plain old spammers cause a big load on us.

As with any immune system, if the virus becomes more problematic we may need to adjust stuff.
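
The two policies contrasted in the answer above, sketched as an added example (not part of the original thread and not Stack Overflow's code): a CAPTCHA used purely as a rate-limit shortcut versus a sticky per-user "suspicious" bit. The class name, the `captcha_ok` flag (standing in for a server-side verified solve), and the timeline are assumptions; only the 5-second interval comes from the answer.

```python
from dataclasses import dataclass, field

EDIT_INTERVAL = 5.0  # seconds; the wait mentioned in the answer above


@dataclass
class EditGate:
    """Hypothetical server-side gate deciding whether an edit is accepted.

    sticky=False: the CAPTCHA is only a shortcut past the rate limit.
    sticky=True:  once challenged, the user stays blocked until a solve
                  (the "suspicious" bit described in the answer).
    """
    sticky: bool = False
    last_accept: dict = field(default_factory=dict)  # user -> timestamp
    suspicious: set = field(default_factory=set)     # users owing a solve

    def submit(self, user, now, captcha_ok=False):
        # captcha_ok is assumed to mean the solve was verified server-side.
        if captcha_ok:
            self.suspicious.discard(user)
            return self._accept(user, now)
        if self.sticky and user in self.suspicious:
            return "captcha"
        last = self.last_accept.get(user)
        if last is not None and now - last < EDIT_INTERVAL:
            self.suspicious.add(user)
            return "captcha"
        return self._accept(user, now)

    def _accept(self, user, now):
        self.last_accept[user] = now
        return "accepted"


def replay(sticky):
    """Constructed timeline: edit, fast edit, resubmit unsolved, then solve."""
    gate = EditGate(sticky=sticky)
    return [
        gate.submit("alice", now=0.0),   # first edit
        gate.submit("alice", now=2.0),   # too fast, so challenged
        gate.submit("alice", now=6.0),   # form resubmitted without a solve
        gate.submit("alice", now=7.0, captcha_ok=True),  # verified solve
    ]
```

Under the rate-limiter policy the unsolved resubmission is accepted once the interval has elapsed; under the sticky policy it keeps returning the challenge until a solve is verified.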